Quantum Cryptography – The Future of CyberSecuritymarketing.idquantique.com/acton/attachment/11868/f-00e4/1... · Quantum-Safe Crypto « Post-quantum » or «quantum-resistant»

Quantum Cryptography – The Future of CyberSecurity

IP Expo, UKKelly Richdale, VP Quantum Safe Security ID Quantique

© 2015 ID Quantique SA, Switzerland | page 2 ID Quantique PROPRIETARY

ID Quantique

• Swiss company based in Geneva

• Founded in 2001 by Universityof Geneva researchers

• Focuses on the opportunities of quantum physics & photonics

• 3 business units

Random NumberGeneration

Quantum SafeCrypto

Photon Counting


THREATS TO OUR CURRENT CRYPTO PRIMITIVES


� Much of today’s cyber security is based on Public Key Systems(mainly RSA, ECC)

� Are they truly safe?

Cryptography – the Engine of Cyber Security


Identical keysKey Exchange?

⊕

Message

Secret Key

ScrambledMessage

⊕

Message

Secret Key

Alice

BobSymmetric Crypto

eg. AES

Asymmetric (Public Key)Crypto eg. RSA & ECC

Today’s Crypto-Systems


Grover’s Algorithm� Lov Grover, 1996� Quantum algorithm to perform

search in an unsorted database� O(n½) vs O(n)

� Key halved for symmetriccryptographyAES-128 � 64 bits securityAES-256 � 128 bits security

Shor’s Algorithm� Peter Shor, 1994� Quantum algorithm for integer

factorization� Breaks today’s public key crypto:

RSA, ECC, DHO((log N)3) vs O(e1.9 (log N)1/3 (log log N)2/3)

Quantum Algorithms… Just awaiting a Quantum Computer

© 2015 ID Quantique SA, Switzerland | page 7 ID Quantique PROPRIETARY 7

Today’s Public Key Crypto at Risk

Identical keysKey Exchange?

⊕

Message

Secret Key

ScrambledMessage

⊕

Message

Secret Key

Alice

BobSymmetric

Cryptography

AsymmetricCryptography

Quantum-Safeprovided key islong enough

At risk


So What About the Quantum Computer?� Computation with Qubits� Main difference:

Coherent superposition of states � Behaves like a massively parallel compute

• Solves problems in much fewer steps

� Opportunity: some “intractable” computations become feasible � Threat: Quantum algorithms already exist which can break current public key

cryptographic primitives (RSA, ECC…)• This is why Quantum Computing is now discussed in Information Security …


Quantum Computers in the News (1)


Quantum Computers in the News (2)


Government Funding for Quantum Tech


NSA Announcement: 19 Aug 2015

“In the current global environment, rapid and secure information sharing is important to protect our Nation, its citizens and its interests. Strong cryptographic algorithms and secure protocol standards are vital tools that contribute to our national security and help address the ubiquitous need for secure, interoperable communications”.“IAD will initiate a transition to quantum resistant algorithms in the not too distant future.”“Our ultimate goal is to provide cost effective security against a potential quantum computer.”


QUANTUM-SAFE SOLUTIONS


Quantum-Safe Crypto

� « Post-quantum » or «quantum-resistant» cryptography• Classical codes deployable without

quantum technologies (eg. Latticebased codes)

• Believed/hoped to be secureagainst quantum computer attacksof the future

� Quantum Key Distribution• Quantum codes requiring some

quantum technologies currentlyavailable

• Typically no computationalassumptions and thus known to besecure against quantum attacks

+

Both sets of cryptographic tools can work together to form a quantum-safe cryptographic infrastructurehttp://docbox.etsi.org/Workshop/2013/201309_CRYPTO/Quantum_Safe_Whitepaper_1_0_0.pdf


Quantum-Resistant Algorithms Need to be Extensively Tested


QUANTUM-SAFE SOLUTIONS PART 2:

WHERE QUANTUM PHYSICS CAN HELP


Quantum Mechanics: Quantum-Safe Key Generation and Distribution

High speed cryptosystemimplementation

Key ManagementProcess

Crypto K

ey Lifecycle


Random Numbers in Cryptography

� Kerckhoffs’ Principle : • A cryptosystem should be secure even if everything about

the system, except the key, is public knowledge.

� To provide adequate security the key must be:• Unique• Truly random (unpredictable)• Stored, distributed & managed security

� But what if it can be guessed? Or made less random?

Auguste Kerckhoffs(19 January 1835 – 9 August 1903)

Key


Random Numbers in Cryptography

� Random numbers are difficult to produce• Computer programs are deterministic• Computers cannot produce random numbers without special

hardware

� Impossible to prove randomness of a finite sequence a posteriori• Possible only to test the statistical properties of the random

numbers• When generating random numbers, understanding the method

used is critical

� One of the easiest and most effective attack vectors is to ‘dumb down’ the RNG to make the keys predictable


� Since 2007 NSA’s Bullrun program inserted vulnerabilities into commercial encryption systems through use of the compromised Dual EC DRBG

� A renowned report ‘Mining Your Ps and Qs’ foundsystematic weaknesses in network devices due to poor entropy from software-based RNGs• Keys served more than once: 60%• Weak keys: 5.6%• Vendors:Cisco, Dell, IBM, etc.

� Problems from use of software RNG’s• Not enough entropy due to isolation of devices• Poor implementation (key generation too early in boot

process)

Attacks on the Randomness of the RNG

N. Heninger et al., « Mining your Ps and Qs: Detection of widespread weak keys in network devices », Usenix Security 2012


Source of photons

Detectors

Key Generation from Quantum Randomness � Classically: randomness is generated by

complexity� Quantum mechanics: randomness is

intrinsic� Advantages:

• Speed• Reliability• Instant entropy (randomness)


Quantum Key Distribution: ProvableSecurity

⊕

Message

Secret Key

ScrambledMessage

⊕

Message

Secret Key

Alice

BobSymmetric

CryptographyIdentical keys

Key Exchange ?!?

� Quantum key distribution: Secure key distribution over insecure channels� Security based on the principles of quantum mechanics

• Observation causes perturbation• Provable forward secrecy

� Key can be used for all types of cryptographic applications


Typical Deployment: Data Center Interconnect

xWDM

Quantum Channel– Dark Fiber

Primary Data Center Disaster Recovery Center

Ethernet

Fibre Channel

Multiple deployments in the banking and government sectors in Europe


� Geneva (Switzerland) uses QKD to guarantee confidentiality & integrity of data during federal & cantonal elections

� Working since October 2007

CentralVote Counting Station

Geneva GovernmentData Center Ballots

Downtown Geneva

Cerberis Solution

Mail Votes

4 km

Elections in Geneva (2007 - 2015)


Siemens/ATOS NL Deployment

� Data center link for large financial institution in Netherlands

� Securing key exahnge for high speed link encryption

� Installed in 2010


2015: Towards Quantum-Safe Key Distribution Networks


Towards Quantum-Safe Security: A Global QKD Network


QUANTUM RISK ASSESSMENT FOR INDUSTRY


Risk = Probability X Impact

Probability of quantum threatstill low…but increasing & seen to beinevitable (even by NSA)

Impact of threat: extremely high… if no action taken(all digital assets at risk)

So Who Cares? (A Classical Risk Analysis)

Is this risk management or business continuity?


Timing Issues

Time

InformationExchange Information lifetime

(based on legal, business or strategic constraints)

Vulnerability

Time for migrationto Quantum-Safe

Today

• Probability of quantum computer: 10-20 years

• Time for migration: a few years

• Plus lifetime of data!

� ETSI: Need to plan now for information with long-term confidentiality


Use QKD here

Use QRA here

Towards Quantum-Safe Security: QKD or QRA?

And use QKD for data with long-term secrecy….


Use QRA-based

encryption here

Use QKD-based encryption and PQA authentication here…

…and here

Digitally sign with QRA here

Towards Quantum Safe Security: A Holistic Approach


Conclusion: ETSI Recommendations

� Need to start thinking: Quantum-safe security now!• ETSI white paper on quantum-safe cryptography, 2014:

“Without quantum-safe encryption everything we have ever transmitted over a network, or will ever transmit over a network is vulnerable”

• Start protecting data with long term confidentiality requirements now

� Two directions: Use in complement to each other for holistic security• Quantum Resistant algorithms• Quantum Key Distribution

� Use Quantum-Safe designs• Require vendors to provide quantum-safe roadmap• Crypto-agility to upgrade

http://docbox.etsi.org/Workshop/2013/201309_CRYPTO/Quantum_Safe_Whitepaper_1_0_0.pdf


Announcement: Winter School 2016

ID Quantique is proud to announce its 8th Winter School

� Topic: Quantum Cyber Security;� Date: Sunday, January 17th to Thursday, January 21st 2016;� Location: Les Diablerets, Switzerland;� Key speakers:

John Martinis, Google; Michele Mosca, IQC, Canada; Gilles Brassard, Uni. Montréal; Nicolas Gisin, UniGe.

� More information at: 8th-winter-school-on-quantum-cyber-security

� Contact: [email protected]


Thank you for your attention

� Contact informationKelly [email protected]

ID Quantique SAChemin de la Marbrerie, 3CH-1227 Carouge/GenevaSwitzerland

[email protected]

Quantum Cryptography – The Future of CyberSecuritymarketing.idquantique.com/acton/attachment/11868/f-00e4/1... · Quantum-Safe Crypto « Post-quantum » or «quantum-resistant»

Documents